FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 05:46:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
6e0ebb4a-5e75-11ee-a365-001b217b3468	Gitlab -- vulnerabilities Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project Group import allows impersonation of users in CI pipelines Developers can bypass code owners approval by changing a MR's base branch Leaking source code of restricted project through a fork Third party library Consul requires enable-script-checks to be False to enable patch Service account not deleted when namespace is deleted allowing access to internal projects Enforce SSO settings bypassed for public projects for Members without identity Removed project member can write to protected branches Unauthorised association of CI jobs for Machine Learning experiments Force pipelines to not have access to protected variables and will likely fail using tags Maintainer can create a fork relationship between existing projects Disclosure of masked CI variables via processing CI/CD configuration of forks Asset Proxy Bypass using non-ASCII character in asset URI Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches Removed Developer can continue editing the source code of a public project A project reporter can leak owner's Sentry instance projects Math rendering in markdown can escape container and hijack clicks Discovery 2023-09-28 Entry 2023-09-29 gitlab-ce ge 16.4.0 lt 16.4.1 ge 16.3.0 lt 16.3.5 ge 8.15 lt 16.2.8 CVE-2023-5207 CVE-2023-5207 CVE-2023-4379 CVE-2023-3413 CVE-2023-3914 CVE-2023-3115 CVE-2023-5198 CVE-2023-4532 CVE-2023-3917 CVE-2023-3920 CVE-2023-0989 CVE-2023-3906 CVE-2023-4658 CVE-2023-3979 CVE-2023-2233 CVE-2023-3922 https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/

VuXML ID

Description

6e0ebb4a-5e75-11ee-a365-001b217b3468

Gitlab -- vulnerabilities

Attacker can add other projects policy bot as member to their own project and use that bot to trigger pipelines in victims project

Group import allows impersonation of users in CI pipelines

Developers can bypass code owners approval by changing a MR's base branch

Leaking source code of restricted project through a fork

Third party library Consul requires enable-script-checks to be False to enable patch

Service account not deleted when namespace is deleted allowing access to internal projects

Enforce SSO settings bypassed for public projects for Members without identity

Removed project member can write to protected branches

Unauthorised association of CI jobs for Machine Learning experiments

Force pipelines to not have access to protected variables and will likely fail using tags

Maintainer can create a fork relationship between existing projects

Disclosure of masked CI variables via processing CI/CD configuration of forks

Asset Proxy Bypass using non-ASCII character in asset URI

Unauthorized member can gain Allowed to push and merge access and affect integrity of protected branches

Removed Developer can continue editing the source code of a public project

A project reporter can leak owner's Sentry instance projects

Math rendering in markdown can escape container and hijack clicks

Discovery 2023-09-28
Entry 2023-09-29
gitlab-ce

ge 16.4.0 lt 16.4.1

ge 16.3.0 lt 16.3.5

ge 8.15 lt 16.2.8

CVE-2023-5207
CVE-2023-5207
CVE-2023-4379
CVE-2023-3413
CVE-2023-3914
CVE-2023-3115
CVE-2023-5198
CVE-2023-4532
CVE-2023-3917
CVE-2023-3920
CVE-2023-0989
CVE-2023-3906
CVE-2023-4658
CVE-2023-3979
CVE-2023-2233
CVE-2023-3922
https://about.gitlab.com/releases/2023/09/28/security-release-gitlab-16-4-1-released/